
mace-opensaml-users - Re: Problem signing metadata

Subject: OpenSAML user discussion

  • From: Chad La Joie
  • Subject: Re: Problem signing metadata
  • Date: Thu, 13 Dec 2007 18:34:32 +0100
  • Organization: SWITCH

Which version of Java are you using?

Jaime Pérez Crespo wrote:
Hi all,

I'm working on the eduGAIN integration with OpenSAML2, specifically, with the part involving signing and validating documents. I've coded the signature method and I'm trying to test it with a metadata document we are using at our metadata server. This is the code I'm using to sign objects:

// Build an empty Signature and attach it to the object to be signed
Signature signature = new SignatureBuilder().buildObject();
signature.setSigningCredential(this.credential);
signature.setSignatureAlgorithm(this.signaturealg);
signature.setCanonicalizationAlgorithm(this.canonicalizationalg);
obj.setSignature(signature);

// Marshall the object to DOM so the Signature element exists before signing
Marshaller marshaller;
MarshallerFactory mfact = Configuration.getMarshallerFactory();
marshaller = mfact.getMarshaller(obj);
try {
    marshaller.marshall(obj);
} catch (MarshallingException ex) {
    this.log.error("error while signing SAML object: " + ex.getLocalizedMessage());
    throw new ValidationException("error while signing SAML Object: " + ex.getLocalizedMessage());
}
// Compute the signature over the marshalled DOM
Signer.signObject(signature);

Note that "obj" is a "SignableSAMLObject".

Now, when my signing code reaches the marshaller, I get the following exception:

Exception in thread "main" java.lang.NullPointerException
at java.util.TreeMap.compare(TreeMap.java:1093)
at java.util.TreeMap.put(TreeMap.java:465)
at java.util.TreeSet.add(TreeSet.java:210)
at java.util.AbstractCollection.addAll(AbstractCollection.java:318)
at java.util.TreeSet.addAll(TreeSet.java:258)
at java.util.TreeSet.<init>(TreeSet.java:143)
at org.apache.xml.security.transforms.params.InclusiveNamespaces.<init>(Unknown Source)
at org.opensaml.common.impl.SAMLObjectContentReference.processExclusiveTransform(SAMLObjectContentReference.java:172)
at org.opensaml.common.impl.SAMLObjectContentReference.createReference(SAMLObjectContentReference.java:142)
at org.opensaml.xml.signature.impl.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:114)
at org.opensaml.xml.signature.impl.SignatureMarshaller.marshall(SignatureMarshaller.java:69)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:317)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:225)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:131)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:87)
at net.geant.edugain.validation.SAMLSigner.sign(SAMLSigner.java:242)

SAMLSigner.java:242 is:

marshaller.marshall(obj);

And this is the document I'm trying to sign:

<md:EntityDescriptor ID="rediris" entityID="urn:geant:edugain:component:be:rediris:rediris.es">
<md:IDPSSODescriptor ID="idp1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:geant:edugain:protocol:1.0">
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="http://serrano.rediris.es:8080/PAPIWebSSORequestListener/request"/>
<saml:Attribute Name="eduPersonPrincipalName"/>
</md:IDPSSODescriptor>
<md:AttributeAuthorityDescriptor ID="aa1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
<md:AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="http://serrano.rediris.es:8080/SAMLSOAPReceiver"/>
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonEntitlement"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:preferredLanguage"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonTargetedId"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:sn"/>
<saml:Attribute Name="urn:mace:terena.org:schac:schacsn1"/>
<saml:Attribute Name="urn:mace:terena.org:schac:schacsn2"/>
</md:AttributeAuthorityDescriptor>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://serrano.rediris.es:8080/PAPIWebSSOResponseListener/request" index="1" isDefault="true"/>
<!-- /response= -->
</md:SPSSODescriptor>
<egmd:OnlineCADescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
<egmd:OnlineCAService Location="homer.rediris.es:4088">
<md:ServiceName xml:lang="en">SASL CA Test</md:ServiceName>
<md:ServiceDescription xml:lang="en">SASL CA test online CA service interface</md:ServiceDescription>
</egmd:OnlineCAService>
</egmd:OnlineCADescriptor>
<md:Organization>
<md:Extensions>
<eghl:HLPattern eghl:MatchingAlgo="urn:geant:edugain:homelocator:matching-algo:exact" eghl:Type="AuthenticationMethod">password</eghl:HLPattern>
<eghl:HLPattern eghl:MatchingAlgo="urn:geant:edugain:homelocator:matching-algo:postfix" eghl:Type="HomeDomain">rediris.es</eghl:HLPattern>
</md:Extensions>
<md:OrganizationName xml:lang="en">RedIRIS</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">RedIRIS (Spain)</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">http://www.rediris.es</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="technical">
<md:GivenName>Ajay</md:GivenName>
<md:SurName>Daryanani</md:SurName>
<md:EmailAddress></md:EmailAddress>
<md:TelephoneNumber> 34 91 2127620</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>

Any idea on what can be happening?

Thanks in advance.

Regards,

--
Jaime Pérez Crespo
Middleware Engineer
red.es / RedIRIS NREN



http://www.rediris.es





--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch


